b"     STATEMENT OF HERBERT RICHARDSON\n    PRINCIPAL DEPUTY INSPECTOR GENERAL\n         U.S. DEPARTMENT OF ENERGY\n\n\n\n\n                  BEFORE THE\n        U.S. HOUSE OF REPRESENTATIVES\n     COMMITTEE ON ENERGY AND COMMERCE\nSUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS\n\n\n\n\n                             FOR RELEASE ON DELIVERY\n                             Thursday, March 4, 2004\n\x0cMr. Chairman and members of the Subcommittee, I am pleased to be here today to respond to\n\nyour request to testify regarding physical security at the Department of Energy\xe2\x80\x99s facilities. The\n\nDepartment\xe2\x80\x99s activities range from nuclear nonproliferation, to cutting edge research and\n\ndevelopment, to weapons programs. The sensitive and critical nature of the Department\xe2\x80\x99s work\n\nnecessitates that its security operations be robust, and for the last several years, the Office of\n\nInspector General has identified security as one of the most critical management challenges\n\nfacing the Department. Therefore, our office devotes a significant portion of its resources to\n\nreviewing the effectiveness of those operations. Our work has been extensive and across the\n\nsecurity spectrum, including physical security, personnel security, cyber security, and the\n\nprotection of Department assets, such as computers, firearms, and nuclear materials.\n\n\n\nThe cumulative body of our work over the last several years demonstrates that, although the\n\nDepartment has taken a number of actions to enhance its security operations, particularly in\n\nresponse to the events of 9/11, there needs to be a continuing effort to ensure the integrity of the\n\nDepartment\xe2\x80\x99s security. Today, I will discuss recent Office of Inspector General reviews related\n\nto the Department\xe2\x80\x99s protective forces and access controls. The three reviews I will focus on\n\naddress (1) improprieties in protective force performance testing at the Department\xe2\x80\x99s Oak Ridge\n\ncomplex, (2) inadequate internal controls over the reporting of security incidents at the Lawrence\n\nLivermore National Laboratory, and (3) issues concerning the Department\xe2\x80\x99s standardized core\n\ntraining curriculum for protective force personnel.\n\n\n\n\n                                                   1\n\x0c       Protective Force Performance Test Improprieties (DOE/IG-0636, January 2004)\n\n\n\nFirst, I will discuss an Office of Inspector General review of protective force performance test\n\nimproprieties. On June 26, 2003, a protective force performance test was conducted at the\n\nDepartment\xe2\x80\x99s Y-12 National Security Complex. The purpose of the test was to obtain realistic\n\ndata for developing the Y-12 Site Safeguards and Security Plan. The mission at the site includes\n\na number of national security related activities, such as enriched uranium warehousing, weapon\n\ndismantlement and storage, and manufacturing of nuclear weapon components. These activities\n\nnecessitate that the site have a protective force capable of responding to potential security\n\nincidents such as a terrorist attack.\n\n\n\nComputer simulations conducted prior to the June 2003 performance test had predicted that the\n\nresponder (defending) protective forces would decisively lose two of the four scenarios that\n\ncomprised the test. When the responder protective forces won all four of the scenarios during the\n\nJune 26, 2003, performance test, the Y-12 Site Office Manager became concerned that the test may\n\nhave been compromised. The Manager initiated an internal inquiry, which raised issues related to\n\nresponder protective force personnel having had access to the computer simulations of the four\n\nscenarios prior to the performance test. Subsequently, at the Y-12 Site Office Manager\xe2\x80\x99s request,\n\nthe Office of Inspector General initiated a review to address these issues.\n\n\n\nOur inspection confirmed that the results of the June 26, 2003, performance test may have been\n\ncompromised. We determined that shortly before the test, two participating protective force\n\npersonnel were permitted to view the computer simulations of the four scenarios. The two\n\n\n\n\n                                                 2\n\x0cindividuals denied that the information to which they were given access affected their actions or\n\ndirections to others who participated in the exercise. However, when we viewed the computer\n\nsimulations, it became clear that the occurrence of certain specific events would identify which\n\nscenario was being initiated by the aggressor force. The responder protective force could use\n\nthis information during the performance test to readily identify at the beginning of a scenario\n\nwhich target was being attacked and respond accordingly. The order in which the targets would\n\nbe attacked was controlled test sensitive information. Therefore, in our judgment, the test results\n\nwere tainted and unreliable.\n\n\n\nBased on information developed during our review, the scope of the inspection was expanded to\n\nexamine whether there had been a pattern over time of site security personnel compromising\n\nprotective force performance tests. During our inspection, we interviewed over 30 current and\n\nformer site security police officers (SPOs) and SPO supervisors. We received compelling\n\ntestimony from a number of individuals that there has been a pattern of actions by site security\n\npersonnel spanning back to the mid-1980\xe2\x80\x99s that may have negatively affected the reliability of\n\nperformance tests at the Oak Ridge complex, including those conducted during Headquarters\n\noversight reviews. Several individuals told us, for example, that controlled information was\n\nshared with SPOs prior to their participation in a given performance test, including the\n\nfollowing:\n\n\n\n   \xe2\x80\xa2   The specific building and wall to be attacked by the test adversary;\n\n   \xe2\x80\xa2   Whether or not a diversionary tactic would be employed by the test adversary; and\n\n   \xe2\x80\xa2   The specific target of the test adversary.\n\n\n\n\n                                                    3\n\x0cWe did not find documentary evidence to support or refute the testimonial evidence. However, it\n\nwas clear that if controlled information was, in fact, disclosed prior to the performance tests, the\n\nreliability of the information used to evaluate the efficacy of the protective force at the Oak\n\nRidge complex was in question.\n\n\n\nWe made a series of recommendations to site management designed to enhance the integrity of\n\nfuture performance tests at the Oak Ridge complex. We also recommended that the Director,\n\nOffice of Independent Oversight and Performance Assurance take action to ensure the integrity\n\nand realism of future performance tests at Y-12 and other Department facilities. Management\n\nconcurred with our recommendations.\n\n\n\n                   Reporting of Security Incidents at the Lawrence Livermore\n\n                     National Laboratory (DOE/IG-0625, November 2003)\n\n\n\nNext, I will discuss our review of the reporting of security incidents at the Department\xe2\x80\x99s\n\nLawrence Livermore National Laboratory. Livermore also performs activities that require\n\nextremely high levels of security. On May 5, 2003, Livermore reported to the Department that a\n\nset of master keys had been discovered to be missing on April 17, 2003. On May 30, 2003,\n\nLivermore reported to the Department that a master Tesa card, which is a plastic card-like key\n\nwith a magnetic strip, had been discovered to be missing on April 12, 2003. These losses and the\n\ndelay in reporting them raised security concerns; therefore, we initiated a review to determine the\n\nadequacy of internal controls for reporting and mitigating security incidents at Livermore.\n\n\n\n\n                                                  4\n\x0cWe concluded that Livermore did not have adequate internal controls to ensure that security\n\nincidents involving missing master keys and master Tesa cards were reported within required\n\ntimeframes and that timely follow-up actions were taken to identify and address potential\n\nsecurity vulnerabilities resulting from the incidents. Specifically, we found that Livermore\n\nsecurity officials:\n\n\n\n    \xe2\x80\xa2   Misinterpreted fundamental Department reporting requirements for security incidents and\n\n        did not immediately recognize the significant security implications of the missing master\n\n        keys and master Tesa card;\n\n    \xe2\x80\xa2   Did not report the security incidents involving the missing master keys and master Tesa\n\n        card to the Department within required timeframes;\n\n    \xe2\x80\xa2   Did not immediately assess potential security risks to identify vulnerabilities resulting\n\n        from the missing master keys and master Tesa card; and\n\n    \xe2\x80\xa2   Did not take timely action to mitigate the potential vulnerabilities resulting from the\n\n        missing master keys and master Tesa card.\n\n\n\nDuring our review, we learned that a May 2003 inventory by Livermore identified an additional\n\nthree master keys and two master Tesa cards that were missing. Further, two of the three\n\nmissing master keys had been reported to Livermore\xe2\x80\x99s Protective Force Division more than three\n\nyears before, but the Protective Force Division did not conduct an inventory or determine why\n\nthe keys were missing. We also noted that recent Department and Livermore oversight reviews\n\n\n\n\n                                                  5\n\x0cof Livermore\xe2\x80\x99s safeguards and security operations did not identify internal control weaknesses\n\nrelated to the control and inventory of master keys and master Tesa cards.\n\n\n\nLivermore has initiated actions to replace or upgrade locks. The associated costs may be\n\nsignificant. We questioned the allowability of these costs because we believe that Livermore\n\nfailed to ensure compliance with established internal controls over the master keys and master\n\nTesa cards.\n\n\n\nIn response to our report recommendations, management identified corrective actions, including\n\nimplementation of additional procedures and training. We believe, however, that management\n\nneeds to do more to assure that Livermore places greater emphasis on the need to strictly follow\n\nits processes and procedures for reporting and mitigating security incidents.\n\n\n\n          The Department\xe2\x80\x99s Basic Protective Force Training Program (draft report)\n\n\n\nLastly, I will discuss a soon to be released audit report on protective force training. The\n\nDepartment employs approximately 4,100 contractor personnel dedicated to serving as\n\nuniformed security officers responsible for protecting Department sites. This includes\n\napproximately 500 officers hired subsequent to the events of 9/11 as part of the Department\xe2\x80\x99s\n\nefforts to enhance its security posture. The Department\xe2\x80\x99s significant security mission\n\nnecessitates that its protective forces be adequately trained. The Department\xe2\x80\x99s policy is to train\n\nits security forces to deal with a broad spectrum of threats by providing a standardized, core\n\ntraining curriculum that ensures interoperability across the complex. We initiated an audit to\n\n\n\n\n                                                 6\n\x0cdetermine whether sites were meeting the Department's standardized, basic protective force core\n\ntraining curriculum. We did not specifically look at the appropriateness of the existing core\n\ncurriculum.\n\n\n\nWe determined that 10 of the 12 sites included in our review had made significant modifications\n\nto the Department\xe2\x80\x99s established protective force core curriculum. Specifically:\n\n\n\n   \xe2\x80\xa2   Each of the 10 sites eliminated or modified 2 or more blocks of instruction from the core\n\n       curriculum. At 1 site, about 40 percent of the basic security police officer core\n\n       curriculum, including courses in the use of shotguns and baton techniques, was\n\n       eliminated;\n\n   \xe2\x80\xa2   Seven sites used reduced force training methods for skills that some security experts\n\n       characterized as critical, such as handcuffing, hand-to-hand combat, and vehicle assaults;\n\n       and\n\n   \xe2\x80\xa2   None of the 10 sites included instruction in rappelling, a core curriculum course for\n\n       special response team training.\n\n\n\nFurther, we noted that Department managers had not always been informed of modifications in\n\nthe core curriculum, which excluded them from reaching any judgment as to the impact of these\n\nactions on the Department\xe2\x80\x99s security interests. We noted that modifications to the core\n\ncurriculum and training delivery methods occurred because site security managers questioned the\n\napplicability of certain courses or had safety concerns. The resulting variations were not always\n\ndetected, or their impact on readiness assessed, because the Department did not require the sites\n\n\n\n\n                                                7\n\x0cto report departures from the core training requirements to either the program offices or the\n\nOffice of Security.\n\n\n\nWe concluded that modifications to the core curriculum may increase the risk that the\n\nDepartment's protective forces will not be appropriately and fully trained to carry out their\n\nsecurity responsibilities. Also, in our judgment, the high number of modifications raises serious\n\nquestions about the validity of the curriculum. Management generally concurred with our report\n\nrecommendations.\n\n\n\n                                         CONCLUSION\n\n\n\nIn general, the Department has been receptive to our work and has concurred with our\n\nrecommendations. However, a number of those recommendations are still awaiting the\n\ncompletion of implementation actions by the Department. We will continue to examine the\n\nDepartment\xe2\x80\x99s programs and operations for additional ways we can facilitate the enhancement of\n\nthe Department\xe2\x80\x99s security posture and ensure the Department is fulfilling its critical role in this\n\nNation\xe2\x80\x99s security.\n\n\n\nMr. Chairman and members of the Subcommittee, this concludes my statement. I will be pleased\n\nto answer any questions.\n\n\n\n\n                                                  8\n\x0c"